Does Disable Everything have any unpatched vulnerabilities?

No. All known vulnerabilities in Disable Everything have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Disable Everything compatible with WordPress 6.9.4?

According to WordPress.org data, Disable Everything 0.4.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Disable Everything updated?

Disable Everything was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is Disable Everything's security score?

Disable Everything has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Disable Everything Security & Risk Analysis

wordpress.org/plugins/disable-everything

Greatly Improve Performance by Disabling All Unnecessary Features. All with this One lightweight plugin.

20K active installs v0.4.1 PHP + WP 3.9+ Updated Dec 3, 2025

bloatdisableremoveremove-bloatunbloat

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Disable Everything Safe to Use in 2026?

Generally Safe

Score 100/100

Disable Everything has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The 'disable-everything' plugin v0.4.1 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface, and crucially, there are no unprotected entry points identified. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries and not performing any file operations or external HTTP requests.

However, a significant concern arises from the output escaping. With 48 total outputs and only 10% properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. While no specific taint flows or dangerous functions were detected in this analysis, the lack of proper output sanitization creates an environment where user-supplied data, if ever introduced to these outputs, could be exploited. The complete lack of nonce checks and capability checks is also a notable weakness, especially in conjunction with the insufficient output escaping.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the current static analysis findings of no critical or high-severity issues (aside from the output escaping), suggests that the plugin has been developed with security in mind regarding direct code execution vectors. Nevertheless, the prevalent output escaping issues represent a tangible risk that needs to be addressed.

Key Concerns

Insufficient output escaping
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Disable Everything Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Disable Everything Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

10% escaped48 total outputs

Attack Surface

Disable Everything Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 36

actionpre_pingdisable-everything.php:33

filterredirect_canonicaldisable-everything.php:50

actiontemplate_redirectdisable-everything.php:64

actionadmin_headdisable-everything.php:84

filterscreen_options_show_screendisable-everything.php:87

filteradmin_bar_menudisable-everything.php:92

actionadmin_bar_menudisable-everything.php:106

actionwp_dashboard_setupdisable-everything.php:141

filteremoji_svg_urldisable-everything.php:165

filtertiny_mce_pluginsdisable-everything.php:166

filterembed_oembed_discoverdisable-everything.php:184

filtertiny_mce_pluginsdisable-everything.php:185

filterrewrite_rules_arraydisable-everything.php:190

filterxmlrpc_enableddisable-everything.php:202

filterpings_opendisable-everything.php:203

filterwp_headersdisable-everything.php:204

filterthe_generatordisable-everything.php:213

actiontemplate_redirectdisable-everything.php:238

filterrest_authentication_errorsdisable-everything.php:259

actionwp_print_stylesdisable-everything.php:271

filterwp_is_application_passwords_availabledisable-everything.php:280

filtermap_meta_capdisable-everything.php:289

filterpre_option_wp_page_for_privacy_policydisable-everything.php:296

actionadmin_menudisable-everything.php:316

actioncurrent_screendisable-everything.php:319

filterstyle_loader_srcdisable-everything.php:336

filterscript_loader_srcdisable-everything.php:346

filterfallback_intermediate_image_sizesdisable-everything.php:369

filtershould_load_remote_block_patternsdisable-everything.php:407

actioninitdisable-everything.php:410

actionwp_enqueue_scriptsdisable-everything.php:426

filterwhitelist_optionsdisable-everything.php:575

filteradmin_footer_textdisable-everything.php:877

filterplugin_row_metadisable-everything.php:894

actionadmin_menudisable-everything.php:1181

actionadmin_initdisable-everything.php:1182

Maintenance & Trust

Disable Everything Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version

Downloads49K

Community Trust

Rating100/100

Number of ratings6

Active installs20K

Alternatives

Disable Everything Alternatives

Disable Bloat for WordPress & WooCommerce

disable-dashboard-for-woocommerce

All-in-One solution to speed up your WordPress & WooCommerce. Remove unnecessary features and make your site faster and cleaner.

10K No CVEs

Unbloater

unbloater

100

Remove unnecessary code, nags and bloat from WordPress core and certain plugins.

5K No CVEs

DisablePress – All-in-One plugin to disable unnecessary features

disable-features

100

It will disable all unnecessary WordPress features and speed up your website in an elegant way.

10 No CVEs

Bloat-off – bloat removal and utilities

bloatoff-utils

100

Remove bloat and redundant functions, and further optimize your WordPress with just a few clicks.

0 No CVEs

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE

Developer Profile

Disable Everything Developer Profile

dessky

4 plugins · 21K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Disable Everything

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ